CVE-2015-1781

Buffer overflow in the gethostbyname_r and other unspecified NSS functionsin the GNU C Library (aka glibc or libc6) before 2.22 allowscontext-dependent attackers to cause a denial of service (crash) or executearbitrary code via a crafted DNS response, which triggers a call with amisaligned buffer.

Ubuntu-Description

Arjun Shankar discovered that in certain situations the nss_dns codein the GNU C Library did not properly account buffer sizes whenpassed an unaligned buffer. An attacker could use this to cause adenial of service or possibly execute arbitrary code.